BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Agent Tesla and Taskun Malware Targeting US Education and Govt Entities
/in General NewsBy Deeba Ahmed
Beware! Agent Tesla & Taskun Malware are targeting US Education & Gov. This cyberattack steals data & exploits vulnerabilities. Learn how to protect schools & government agencies from this double threat!
This is a post from HackRead.com Read the original post: Agent Tesla and Taskun Malware Targeting US Education and Govt Entities
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Most People Still Rely on Memory or Pen and Paper for Password Management
/in General NewsA Bitwarden survey showed that 25% of respondents globally reuse passwords across 11-20+ accounts, and 36% admit to using personal information in their credentials publicly accessible on social media (60%) platforms and online forums (30%).
Cyware News – Latest Cyber News – Read More
LSA Whisperer: Open-source tools for interacting with authentication packages
/in General NewsThe tool allows users to directly recover multiple types of credentials from the LSASS without accessing its memory. This includes recovering Kerberos tickets, SSO cookies, DPAPI credential keys, and NTLMv1 responses.
Cyware News – Latest Cyber News – Read More
Collection Agency FBCS Says Data Breach Exposed Nearly 2 million People
/in General NewsFinancial Business and Consumer Solutions (FBCS) says compromised information may include names, dates of birth, Social Security numbers, and account information.
The post Collection Agency FBCS Says Data Breach Exposed Nearly 2 million People appeared first on SecurityWeek.
SecurityWeek – Read More
Okta Warns of Unprecedented Scale in Credential Stuffing Attacks on Online Services
/in General NewsThe attacks recently observed by Okta route requests through anonymizing services like TOR and residential proxies such as NSOCKS, Luminati, and DataImpulse. The experts noticed that millions of requests have been routed through these services.
Cyware News – Latest Cyber News – Read More
US Post Office Phishing Sites Get as Much Traffic as the Real One
/in General NewsSecurity researchers analyzing phishing campaigns that target United States Postal Service (USPS) saw that the traffic to the fake domains is typically similar to what the legitimate site records and it is even higher during holidays.
Cyware News – Latest Cyber News – Read More
Analysis of Native Process CLR Hosting Used by AgentTesla
/in General NewsThe initial infection vector is a Word document that downloads and executes a 64-bit Rust-compiled binary. This binary then downloads an encoded shellcode containing the AgentTesla payload.
Cyware News – Latest Cyber News – Read More
Japanese police create fake support scam payment cards to warn victims
/in General NewsThe cards are labeled “Virus Trojan Horse Removal Payment Card” and “Unpaid Bill Late Fee Payment Card,” and were created by the Echizen Police in the Fukui prefecture in Japan as an alert mechanism.
Cyware News – Latest Cyber News – Read More
Hackers Claim to Have Infiltrated Belarus’ Main Security Service
/in General NewsA Belarusian hacker activist group claims to have infiltrated the network of the country’s main KGB security agency and accessed personnel files of over 8,600 employees.
The post Hackers Claim to Have Infiltrated Belarus’ Main Security Service appeared first on SecurityWeek.
SecurityWeek – Read More
Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks
/in General NewsIdentity and access management (IAM) services provider Okta has warned of a spike in the “frequency and scale” of credential stuffing attacks aimed at online services.
These unprecedented attacks, observed over the last month, are said to be facilitated by “the broad availability of residential proxy services, lists of previously stolen credentials (‘combo lists’), and scripting tools,” the
The Hacker News – Read More